Signed-off-by: PavelSBorisov <pavel.s.borisov@gmail.com>
Signed-off-by: PavelSBorisov <pavel.s.borisov@gmail.com>
Signed-off-by: PavelSBorisov <pavel.s.borisov@gmail.com>
@hiero-ledger/hiero-solo-action-maintainers, as part of the Release Engineering team audits, we are proposing a workflow that enforces conventional commits in the project.
hendrikebbers
left a comment
I do not see the need for CODEOWNERS in the repo. Dependabot makes sense.
@PavelSBorisov can you give more information about "Release Engineering team audits" and what that means? Got that question from several other community members already.
@hendrikebbers the Release Engineering (GitHub Maintainers) team performs periodic audits on Hiero repositories, making sure that they are up to standards and secure. If we need to exclude certain repositories from certain audit criteria (e.g. CODEOWNERS file) we would need to create a
@hendrikebbers we are required to perform CI/CD security audits against all repos that we maintain. These audits are intended to be bi-annual and are performed by the @hiero-ledger/github-maintainers team. The overall impact on projects should be minimal as we are ensuring compliance with the security configuration required of all projects in hiero-ledger. What is the justification behind not having CODEOWNERS defined for this project? We can have an exception if needed, but generally even a basic CODEOWNERS file that says Is better than having no codeownership. This way it ensures that a maintainer is responsible for reviewing modifications to the project.
|
|
||
| # Protection Rules for Github Configuration Files and Actions Workflows | ||
| /.github/ @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | ||
| /.github/workflows/ @hiero-ledger/github-maintainers |
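Review bot: the `/.github/workflows/` line comes after `/.github/`, and CODEOWNERS applies the last matching pattern, so workflow files end up owned only by @hiero-ledger/github-maintainers and none of the other teams on the `/.github/` line are requested for them. If that is intended, add a comment above the line saying so. Keep in mind that any additional team listed on this line can satisfy the code-owner approval for workflow changes without github-maintainers reviewing.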
| /.github/workflows/ @hiero-ledger/github-maintainers | |
| /.github/workflows/ @hiero-ledger/github-maintainers @hiero-ledger/hiero-solo-action-maintainers |
| /CODEOWNERS @hiero-ledger/github-maintainers | ||
|
|
||
| # Protect the repository root files | ||
| /README.md @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers |
| /README.md @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | |
| /README.md @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers |
| ##### Global Protection Rule ###### | ||
| ################################### | ||
| # NOTE: This rule is overriden by the more specific rules below. This is the catch-all rule for all files not covered by the more specific rules below | ||
| * @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers |
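Review bot: the NOTE comment above the `*` rule misspells "overridden" as "overriden". The precedence it describes also holds only while `*` stays ahead of the specific rules, because the last matching pattern wins; consider saying in the comment that this rule must remain first so it is not moved below the protected paths later.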
| * @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | |
| * @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers |
| # NOTE: Must be placed last to ensure enforcement over all other rules | ||
|
|
||
| # Protection Rules for Github Configuration Files and Actions Workflows | ||
| /.github/ @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers |
| /.github/ @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | |
| /.github/ @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers |
| **/LICENSE @hiero-ledger/github-maintainers | ||
|
|
||
| # Git Ignore definitions | ||
| **/.gitignore @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers |
| **/.gitignore @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | |
| **/.gitignore @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers |
|
|
||
| # Git Ignore definitions | ||
| **/.gitignore @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | ||
| **/.gitignore.* @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers No newline at end of file |
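Review bot: the `**/.gitignore.*` line is the final line of the file and is flagged "No newline at end of file". Add a trailing newline so that a rule appended later cannot be joined onto this line and silently change who owns these paths.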
| **/.gitignore.* @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers @hiero-ledger/hiero-solo-action-committers | |
| **/.gitignore.* @hiero-ledger/github-maintainers @hiero-ledger/tsc @hiero-ledger/hiero-solo-action-maintainers | |
| jobs: | ||
| title-check: | ||
| name: Title Check | ||
| runs-on: ubuntu-latest |
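Review bot: the `title-check` job shows `name:` and `runs-on: ubuntu-latest` but no job-level `permissions:` in these lines. If the workflow does not already declare permissions at the top level, give this job an explicit read-only scope, since a title check only needs to read the pull request.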
@PavelSBorisov there should be a self-hosted runner configured for solo action. Please ensure that all workflows are using the self-hosted runner configuration.
@hendrikebbers This is a requirement under the OpenSSF Best Practices: https://best.openssf.org/SCM-BestPractices/gitlab/project/repository_require_code_owner_reviews_policy.html It is my understanding that LF/LFDT requires projects to adhere to the OpenSSF best practices. (see: https://lf-hyperledger.atlassian.net/wiki/spaces/TF/pages/21011885/Project+Lifecycle+Transitions+based+on+OpenSSF+Scorecard)
Description:
Related issue(s):
Related to #39
Notes for reviewer:
Checklist